10122693

Protocol Based Key Management

Published November 6, 2018
Assignee not available in USPTO data we have
Technical Abstract

Patent Claims
20 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A computer implemented method for protocol based key management, the computer implemented method comprising: identifying a key management protocol associated with a key request, the key management protocol being one of a plurality of key management protocols supported by a key management system; selecting a first subset from a set of policies using the key management protocol; computing a set of permissions based on the first subset of policies, the set of permissions indicating whether the key request is permitted under the key management protocol, wherein the set of permissions in a protocol based key management system is computationally smaller than a possible set of permissions computable for the key request, and wherein the first subset of policies based on the key management protocol causes the set of permissions to be computed with a smaller computational cost than the possible set of permissions; and caching the set of permissions in a cache in a data storage device.

2. The computer implemented method of claim 1, further comprising: receiving the key request at a key management system from a requestor entity; identifying a group to which the requestor entity belongs; determining whether a permission for the group and the key management protocol exists in the cache; and responsive to the determining being affirmative, using the permission from the cache to process the key request.

3. The computer implemented method of claim 2, further comprising: responsive to the determining being negative, computing a subset of permissions from the set of permissions, the subset of permissions indicating whether the group is permitted to send the key request under the key management protocol; and caching the subset of permissions in the cache.

4. The computer implemented method of claim 1, further comprising: identifying a request type associated with the key request; computing a permission, wherein the computing uses the set of permissions and a second subset of the set of policies, the permission indicating whether the request type is permitted on the key management protocol; and using the permission to process the key request.

5. The computer implemented method of claim 4, wherein using the permission to process the request further comprises: responsive to the permission being affirmative, sending a response to a sender of the key request, the response providing a key to the sender.

6. The computer implemented method of claim 1, further comprising: identifying a role of a sender of the key request; computing a permission, wherein the computing uses the set of permissions and a third subset of the set of policies, the permission indicating whether the sender in the identified role is permitted to send the key request using the key management protocol; and using the permission to process the key request.

7. A computer usable program product comprising a computer usable non-transitory storage medium including computer usable code for protocol based key management in a protocol based key management system, the computer usable code comprising: computer usable code for identifying a key management protocol associated with a key request, the key management protocol being one of a plurality of key management protocols supported by a key management system; computer usable code for selecting a first subset from a set of policies using the key management protocol; computer usable code for computing a set of permissions based on the first subset of policies, the set of permissions indicating whether the key request is permitted under the key management protocol, wherein the set of permissions in the protocol based key management system is computationally smaller than a possible set of permissions computable for the key request, and wherein the first subset of policies based on the key management protocol causes the set of permissions to be computed with a smaller computational cost than the possible set of permissions; and computer usable code for caching the set of permissions in a cache in a data storage device.

8. The computer usable program product of claim 7, further comprising: computer usable code for receiving the key request at a key management system from a requestor entity; computer usable code for identifying a group to which the requestor entity belongs; computer usable code for determining whether a permission for the group and the key management protocol exists in the cache; and computer usable code for responsive to the determining being affirmative, using the permission from the cache to process the key request.

9. The computer usable program product of claim 8, further comprising: computer usable code for responsive to the determining being negative, computing a subset of permissions from the set of permissions, the subset of permissions indicating whether the group is permitted to send the key request under the key management protocol; and computer usable code for caching the subset of permissions in the cache.

10. The computer usable program product of claim 7, further comprising: computer usable code for identifying a request type associated with the key request; computer usable code for computing a permission, wherein the computing uses the set of permissions and a second subset of the set of policies, the permission indicating whether the request type is permitted on the key management protocol; and computer usable code for using the permission to process the key request.

11. The computer usable program product of claim 10, wherein using the permission to process the request further comprises: computer usable code for responsive to the permission being affirmative, sending a response to a sender of the key request, the response providing a key to the sender.

12. The computer usable program product of claim 7, further comprising: computer usable code for identifying a role of a sender of the key request; computer usable code for computing a permission, wherein the computing uses the set of permissions and a third subset of the set of policies, the permission indicating whether the sender in the identified role is permitted to send the key request using the key management protocol; and computer usable code for using the permission to process the key request.

13. The computer usable program product of claim 7, wherein the computer usable code is stored in a computer readable storage medium in a data processing system, and wherein the computer usable code is transferred over a network from a remote data processing system.

14. The computer usable program product of claim 7, wherein the computer usable code is stored in a computer readable storage medium in a server data processing system, and wherein the computer usable code is downloaded over a network to a remote data processing system for use in a computer readable storage medium associated with the remote data processing system.

15. A protocol based key management system for protocol based key management, comprising: a storage device including a storage medium, wherein the storage device stores computer usable program code; and a processor, wherein the processor executes the computer usable program code, and wherein the computer usable program code comprises: computer usable code for identifying a key management protocol associated with a key request, the key management protocol being one of a plurality of key management protocols supported by a key management system; computer usable code for selecting a first subset from a set of policies using the key management protocol; computer usable code for computing a set of permissions based on the first subset of policies, the set of permissions indicating whether the key request is permitted under the key management protocol, wherein the set of permissions in the protocol based key management system is computationally smaller than a possible set of permissions computable for the key request, and wherein the first subset of policies based on the key management protocol causes the set of permissions to be computed with a smaller computational cost than the possible set of permissions; and computer usable code for caching the set of permissions in a cache in a data storage device.

16. The protocol based key management system of claim 15, further comprising: computer usable code for receiving the key request at a key management system from a requestor entity; computer usable code for identifying a group to which the requestor entity belongs; computer usable code for determining whether a permission for the group and the key management protocol exists in the cache; and computer usable code for responsive to the determining being affirmative, using the permission from the cache to process the key request.

17. The protocol based key management system of claim 16, further comprising: computer usable code for responsive to the determining being negative, computing a subset of permissions from the set of permissions, the subset of permissions indicating whether the group is permitted to send the key request under the key management protocol; and computer usable code for caching the subset of permissions in the cache.

18. The protocol based key management system of claim 15, further comprising: computer usable code for identifying a request type associated with the key request; computer usable code for computing a permission, wherein the computing uses the set of permissions and a second subset of the set of policies, the permission indicating whether the request type is permitted on the key management protocol; and computer usable code for using the permission to process the key request.

19. The protocol based key management system of claim 18, wherein using the permission to process the request further comprises: computer usable code for responsive to the permission being affirmative, sending a response to a sender of the key request, the response providing a key to the sender.

20. The protocol based key management system of claim 15, further comprising: computer usable code for identifying a role of a sender of the key request; computer usable code for computing a permission, wherein the computing uses the set of permissions and a third subset of the set of policies, the permission indicating whether the sender in the identified role is permitted to send the key request using the key management protocol; and computer usable code for using the permission to process the key request.
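Illustration of the flow in claims 1 to 6, added here as an example; it is not code from the patent or its inventors. The allow-rule policy shape, the class and method names, the "LEGACY" protocol label, the miss counter and the cache invalidation step are all assumptions made for the sketch.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:  # constructed allow-rule shape; the claims do not define one
    protocol: str
    group: str
    request_type: str
    role: str

class ProtocolScopedAuthorizer:
    def __init__(self, policies):
        self.policies = list(policies)
        self.protocol_cache = {}  # protocol -> permissions under that protocol
        self.group_cache = {}     # (group, protocol) -> (request_type, role) grants
        self.misses = 0           # times a permission set had to be computed

    def _protocol_permissions(self, protocol):
        # Claim 1: select the policy subset by protocol, compute, cache.
        if protocol not in self.protocol_cache:
            self.misses += 1
            self.protocol_cache[protocol] = frozenset(
                (p.group, p.request_type, p.role)
                for p in self.policies if p.protocol == protocol)
        return self.protocol_cache[protocol]

    def _group_permissions(self, group, protocol):
        # Claims 2-3: look up (group, protocol); on a miss derive the group's
        # subset from the protocol-level set and cache it.
        key = (group, protocol)
        if key not in self.group_cache:
            self.misses += 1
            self.group_cache[key] = frozenset(
                (rt, role) for g, rt, role in self._protocol_permissions(protocol)
                if g == group)
        return self.group_cache[key]

    def is_permitted(self, protocol, group, request_type, role):
        # Claims 4 and 6: request type and sender role; no match means deny.
        return (request_type, role) in self._group_permissions(group, protocol)

    def replace_policies(self, policies):
        # Assumption beyond the claims: drop cached grants on policy change
        # so a revoked permission cannot be served from the cache.
        self.policies = list(policies)
        self.protocol_cache.clear()
        self.group_cache.clear()

# Constructed sample policies; "LEGACY" is a placeholder protocol name.
POLICIES = [
    Policy("KMIP", "storage", "get", "device"),
    Policy("KMIP", "storage", "register", "admin"),
    Policy("LEGACY", "tape", "get", "device"),
]
```

Only a permitted result would lead to the key being returned to the sender (claim 5); every other outcome, including an unknown protocol or group, falls through to deny.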

Patent Metadata

Filing Date

Unknown

Publication Date

November 6, 2018

Inventors

Bruce Arland Rich
Krishna Kishore Yellepeddy
Xiaoyan Y. Zhang

Citation & reuse

Analysis on this page is generated by Patentable — an AI-powered patent intelligence platform. AI-generated summaries, explanations, and analysis may be reused with attribution and a visible link back to the canonical URL below. Patent abstracts and claims are USPTO public domain.

Cite as: Patentable. “Protocol Based Key Management” (10122693). https://patentable.app/patents/10122693